[#OVSDB-224] IP ingress rule is not seen after a VM is spawned with the default Security Group

[OVSDB-224] IP ingress rule is not seen after a VM is spawned with the default Security Group Created: 17/Nov/15 Updated: 03/May/18 Resolved: 23/Dec/15
Status:	Resolved
Project:	ovsdb
Component/s:	openstack.net-virt
Affects Version/s:	unspecified
Fix Version/s:	None

Type:

Bug

Reporter:

Rijil Abraham

Assignee:

Aswin Suryanarayanan

Resolution:

Cannot Reproduce

Votes:

Labels:

None

Remaining Estimate:

Not Specified

Time Spent:

Not Specified

Original Estimate:

Not Specified

Environment:

Operating System: All
Platform: All

External issue ID:

4642

Description

With default SG, the default ip ingress rule is not seen. However, the egress ip rule is seen.

sdn@hpvantest:~/devstack$ sudo ovs-ofctl dump-flows br-int -O Openflow13
OFPST_FLOW reply (OF1.3) (xid=0x2):
cookie=0x0, duration=343613.125s, table=0, n_packets=15, n_bytes=1665, dl_type=0x88cc actions=CONTROLLER:65535
cookie=0x0, duration=65.978s, table=0, n_packets=6, n_bytes=480, in_port=1,dl_src=fa:16:3e:7c:cd:cb actions=set_field:0x3f1->tun_id,load:0x1->NXM_NX_REG0[],goto_table:20
cookie=0x0, duration=9.947s, table=0, n_packets=0, n_bytes=0, in_port=3,dl_src=fa:16:3e:2d:93:cf actions=set_field:0x3f1->tun_id,load:0x1->NXM_NX_REG0[],goto_table:20
cookie=0x0, duration=65.974s, table=0, n_packets=0, n_bytes=0, priority=8192,in_port=1 actions=drop
cookie=0x0, duration=9.841s, table=0, n_packets=0, n_bytes=0, priority=8192,in_port=3 actions=drop
cookie=0x0, duration=343613.021s, table=0, n_packets=2, n_bytes=168, priority=0 actions=goto_table:20
cookie=0x0, duration=343612.825s, table=20, n_packets=8, n_bytes=648, priority=0 actions=goto_table:30
cookie=0x0, duration=343612.752s, table=30, n_packets=8, n_bytes=648, priority=0 actions=goto_table:40
cookie=0x0, duration=66.223s, table=40, n_packets=0, n_bytes=0, priority=61012,udp,tp_src=68,tp_dst=67 actions=goto_table:50
cookie=0x0, duration=10.258s, table=40, n_packets=0, n_bytes=0, priority=61011,udp,in_port=3,tp_src=67,tp_dst=68 actions=drop
cookie=0x0, duration=9.999s, table=40, n_packets=0, n_bytes=0, priority=61007,ip,dl_src=fa:16:3e:2d:93:cf actions=goto_table:50 <==
cookie=0x0, duration=10.146s, table=40, n_packets=0, n_bytes=0, priority=36001,ip,in_port=3,dl_src=fa:16:3e:2d:93:cf,nw_src=192.168.34.3 actions=goto_table:50
cookie=0x0, duration=343612.656s, table=40, n_packets=8, n_bytes=648, priority=0 actions=goto_table:50
cookie=0x0, duration=343612.598s, table=50, n_packets=8, n_bytes=648, priority=0 actions=goto_table:60
cookie=0x0, duration=343612.512s, table=60, n_packets=8, n_bytes=648, priority=0 actions=goto_table:70
cookie=0x0, duration=343612.412s, table=70, n_packets=8, n_bytes=648, priority=0 actions=goto_table:80
cookie=0x0, duration=343612.311s, table=80, n_packets=8, n_bytes=648, priority=0 actions=goto_table:90
cookie=0x0, duration=10.385s, table=90, n_packets=0, n_bytes=0, priority=61006,udp,dl_src=fa:16:3e:7c:cd:cb,tp_src=67,tp_dst=68 actions=goto_table:100
cookie=0x0, duration=343612.217s, table=90, n_packets=8, n_bytes=648, priority=0 actions=goto_table:100
cookie=0x0, duration=343612.107s, table=100, n_packets=8, n_bytes=648, priority=0 actions=goto_table:110
cookie=0x0, duration=65.839s, table=110, n_packets=0, n_bytes=0, tun_id=0x3f1,dl_dst=fa:16:3e:7c:cd:cb actions=output:1
cookie=0x0, duration=9.721s, table=110, n_packets=0, n_bytes=0, tun_id=0x3f1,dl_dst=fa:16:3e:2d:93:cf actions=output:3
cookie=0x0, duration=65.513s, table=110, n_packets=0, n_bytes=0, priority=16384,reg0=0x2,tun_id=0x3f1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=output:1,output:3
cookie=0x0, duration=65.443s, table=110, n_packets=5, n_bytes=390, priority=16383,reg0=0x1,tun_id=0x3f1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=output:1,output:3
cookie=0x0, duration=65.334s, table=110, n_packets=0, n_bytes=0, priority=8192,tun_id=0x3f1 actions=drop
cookie=0x0, duration=343612.040s, table=110, n_packets=3, n_bytes=258, priority=0 actions=drop

Comments

Comment by Rijil Abraham [ 17/Nov/15 ]

Build Used - distribution-karaf-0.4.0-20151113.034639-2068.zip

Comment by Aswin Suryanarayanan [ 23/Dec/15 ]

The ingress rule of default SG has a remote SG associated with it in Liberty devstack. So when only one vm is there no rule will be added. When new vms are added to default SG, the ingress rule to allow traffic to the newly added vm will be added in the ovs table.

Generated at Wed Feb 07 20:35:50 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.

[OVSDB-224] IP ingress rule is not seen after a VM is spawned with the default Security Group Created: 17/Nov/15 Updated: 03/May/18 Resolved: 23/Dec/15